Mailer-daemon@

[flash_me]

Hello everyone,

I'm receving thousand of these e-mails...i've have added
filters on my cpanel but seems these kind of
e-mails bypass the cpanel filters....

Some ideas on how to solve this

Thanks



From: MAILER-DAEMON@mail.theserverbiz.com



Return-path: <>
Envelope-to: info@MYDOMAIN.com
Delivery-date: Sun, 18 Jul 2004 11:20:36 -0500
Received: from [203.107.133.45] (helo=mail.theserverbiz.com)
by myserver.com with smtp (Exim 4.34)
id 1BmEOw-0006lV-IJ
for info@MYDOMAIN.com; Sun, 18 Jul 2004 11:20:35 -0500
Received: (qmail 79913 invoked for bounce); 18 Jul 2004 16:07:14 -0000
Date: 18 Jul 2004 16:07:14 -0000
From: MAILER-DAEMON@mail.theserverbiz.com
To: info@MYDOMAIN.com
Subject: failure notice

Hi. This is the qmail-send program at mail.theserverbiz.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<jaloja@piercingexports.com>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <info@MYDOMAIN.com>
Received: (qmail 79107 invoked from network); 18 Jul 2004 16:05:50 -0000
Received: from host16-102.pool80116.interbusiness.it (HELO mail.piercingexports.com) (80.116.xxx.xx)
by 0 with SMTP; 18 Jul 2004 16:05:50 -0000
Message-ID: <x737259001.3914723911236841938@grqldlduj>
From: jpeg <info@MYDOMAIN.com>
To: <jaloja@piercingexports.com>
Subject: jpeg
Date: dom, 18 lug 2004
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_16461_4414287.7418427666853"
X-Priority: 3
Microsoft Outlook Express 5.00.2314.1300

------=_Part_16461_4414287.7418427666853
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

Surprise!

------=_Part_16461_4414287.7418427666853
Content-Type: application/octet-stream;
name="Surprise.com"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Surprise.com"

[flash_me]

up...some ideas?

[Sheldon]

your server is either

1. infected by a trojan
2. rooted
3. one of your clients or someone is spamming!

those are likely situations

[flash_me]

the problem is how are these e-mail bypassing cpanels filters?

[Sheldon]

possibilities

1. youve been rooted
2. mailerdaemons always bypass filters :P

you should never use filters on them anyways.. you should always recieve them
how else do you know if there is a problem if you never recieve them... they are not a
simple annoyance problem. they are there for a reason... :P

Sheldon

[flash_me]

i agree with you but i'm receiving thousand of e-mails just like the one i post, no way to block it ?

[Sheldon]

use your mail client filters to delete the emails!

and .. then id suggest forking over lotsa $$ to have your server fixed...

either that backup personal files only and format!

[Leandro]

Hello:

I have the same problem and fix it renaming the senmail link

I hope it helps you !!!

[chirpy]

1. infected by a trojan
2. rooted
3. one of your clients or someone is spamming!

Nope, that's wrong.

If you look at the bounced email header you'll see that the last received header record (the only one you can trust) comes from host16-102.pool80116.interbusiness.it - a dialup port.

What you're suffering from is spam bounces where you are the innocent party in a forged header that has your email address in the from field.

Unfortunately, there's little you can do about this other than ride it out. You ought not filter out mailer-daemon emails as they are the last resort for delivery failure notification and are essential for tracking down mailing issues.

these things usually blow over after 24-48 hours.

[Leandro]

Are there any way to fix it finaly?

renaming sendmail some local delivery fails... but doing it for a few minutes, the sent stops...

How can we stop this ****************ing spammers ???

thanks a lot !!!

[geeshock]

Solution, re-install and restore a backup. PPL think I'm insane for backing up everynight, sometimes twice a day but issues like this are exactly why I do them. rsync -azv -H -e has always did me right

[flash_me]

Nope, that's wrong.

If you look at the bounced email header you'll see that the last received header record (the only one you can trust) comes from host16-102.pool80116.interbusiness.it - a dialup port.

What you're suffering from is spam bounces where you are the innocent party in a forged header that has your email address in the from field.

Unfortunately, there's little you can do about this other than ride it out. You ought not filter out mailer-daemon emails as they are the last resort for delivery failure notification and are essential for tracking down mailing issues.

these things usually blow over after 24-48 hours.

Chirpy you where right, actually after 20 days with thousand and thousand of e-mails things got fixed .

[tandyuk]

Roll on SPF!

Im having the same problem, but with 600,000 mails in the queue.

Does anyone know a quick way a clearing exims queue?

[webits]

Easy go to your WHM ROOT go to exim and discard

[Sash]

Hello:

I have the same problem and fix it renaming the senmail link

I hope it helps you !!!

What do you mean by "renaming the sendmail link"?

Thanks
Mike